Re: [PATCH v1 2/3] dm-inlinecrypt: add target for inline block device encryption

Next message: Ian Rogers: "Re: [PATCH v1] perf symbol: Lazily compute idle and use the perf_env"
Previous message: Vikash Garodia: "Re: [PATCH v3 2/7] media: iris: switch to hardware mode after firmware boot"
In reply to: Linlin Zhang: "Re: [PATCH v1 2/3] dm-inlinecrypt: add target for inline block device encryption"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Milan Broz

Date: Wed Mar 25 2026 - 11:58:21 EST

On 3/25/26 12:57 PM, Linlin Zhang wrote:

I understood that supporting keyring here is to ensure no raw key exposed to
dm table. As implied by the name dm-inlinecrypt, the key used by dm-inlinecyrpt
is a wrapped key, rather raw key. Can we keep the wrapped key inside the mapping
table?

Whatever key it is, it allows activation of the encrypted device. And it does not
need to be cached inside device-mapper layer (in DM table).

In other word, can dm-inlinecrypt support both keyring and hex key(key in mapping
table)?

Yes, support both. There are situations user must use hexkey directly.
But IMO, keyring option should be supported from the beginning.

Thanks,
Milan